Google says iPhones hacked for years

Joanna Estrada
August 30, 2019

Researchers from Google's notorious Project Zero division, home to white hat hackers who have named and shamed a number of its rivals in the past, said the attack took the form of a piece of malware hidden in a seemingly genuine webpage, which quietly installs itself when surfed to on the device.

TAG was able to collect five separate, complete and unique iPhone exploit chains, covering nearly every version from iOS 10 through to the latest version of iOS 12.

In a deep-dive blog post published Thursday evening, Ian Beer, a security expert on Google's Project Zero, detailed how hackers had been using malicious websites to exploit an iPhone software vulnerability.

Mr Beer's analysis did not speculate on who may be behind the attack, nor how lucrative the tool may have been on the black market.

This type of widespread yet random attack is rare, and it may be one of the biggest attacks ever on iPhone users. The websites are operational for years and visited by thousands of users every week. The hacks spanned iOS 10 through 12, which Beer said indicated a "sustained effort" to hack iPhones over a period of two years.

Visit Business Insider's homepage for more stories.

Google didn't release any information about the sites serving the exploits.

Wicus Ross, a senior researcher at the firm, said: "Data we have collected regarding Apple iOS patch behaviour suggests that users patch frequently".

"However, there are a small percentage of users that do not upgrade to new versions of iOS or even apply security patches".

"These seem to stay constant over time and relate to older iPhone/iPad device models".

Ross added: "The Google Project Zero blog post did not reveal much about the compromised web sites besides the ballpark number relating to site visitors".

Google demonstrated that the implant could "steal private data like iMessages, photos and Global Positioning System location in real-time"; it also had access to users' keychains and password data, as well as database files containing plaintext of messages sent and received in messaging apps such as Google Hangouts, and even end-to-end encrypted apps including WhatsApp, iMessage, and Telegram.

Google's team reported the flaws to Apple earlier this year, with the flaws being patched in the release of iOS 12.1.4 on February 7th, however Beer noted that this could only be one of many attacks against iPhone software.

The data collection wasn't limited to Apple apps either - in testing, the malware was able to extract data from most leading apps from third parties, including WhatsApp and Google Maps - and, yes, before you ask, it got yer GMail too.

The tech giant swiftly patched the flaw six days later to protect users against it.

iPhone customers must replace their software to the newest instrument to ensure they're adequately safe.

Other reports by Click Lancashire

Discuss This Article